In a very heterogenous environment with many different vendors, OSes, applications and such, how do you keep track of it all? I am responsible for the security of this environment and I'm looking for some type of database solution which I can call upon when a vulnerability is released. Basically, I'm looking for a birds-eye view of the exposure a certain vulnerability may reveal.
Also, how about information access control? Any suggestions for keeping track of who has access to what systems in an environment with approximately 400 employees?